I used to feel the same way before I started working at a larger Silicon Valley company as a software engineer. I graduated from a state school with a degree in Industrial Print Management and always felt like I was at a disadvantage because I didn't have a CS degree. Most of what I know about software engineering is self-taught; I felt very self-conscious about this.
My performance did not match my perception and I was consistently outperforming my peers, getting recognition that I never felt I deserved. It turns out that practical experience is actually more valuable than academic experience. I would rather hire someone who's humble, driven, and ambitious but didn't go to CS school than someone who's none of those things but has a fancy degree.
I have GERD (hiatal hernia) and I stayed away from caffeine for years because I was told it would trigger it. They also said to avoid spicy foods and exercise regularly. I started taking Prilosec and exercising regularly about 5 years ago. Now I can pretty much eat what I want (I go through a bottle of Sriracha every 3 months, it goes on everything :D). I think the key to managing GERD is the exercise and medicine. When I don't exercise I have more reflux. If you are not exercising regularly (which means exercising long enough to get super hungry), then you might want to try it to see if it improves your symptoms. Anecdotally, I think the GERD diet is total bullshit, I've tried it (without meds) and I still experienced enough discomfort to convince me to take medication.
Edit: I forgot to mention I drink coffee every morning.
Hello fellow GERD-er, I've never heard of the GERD diet; my doctor just throws pills at me.
Exercise for sure, when I started shift work my gym trips started to suffer until a few years later I stopped going. I had gone to the gym since just after high school, almost 20 years, and biking in the summer.
My undiagnosed GERD grew worse a few years later but wasn't discovered until my dentist put two-and-two together about why my teeth were so sensitive. I unknowingly discovered it years earlier when having bad coughing fits I discovered an antacid helped calm my coughing.
Unfortunately the Prevacid I took (lansoprazole) I think was causing my terrible pain in my back in the morning. I was diagnosed with fatty liver which I am sure was caused by the Prevacid since it's the only drug I take, I don't drink, don't smoke, pretty much no drugs other than caffeine. Doctor put me on dexlansoprazole but that makes my guts hurt, then Tecta (pantoprazole magnesium) which also hurts.
So I'm back to square one which is I eat small meals and exercise like a normal human should be doing anyway :/
The interesting thing is that they say the library used proprietary code. From talking to Contra, they are just using a REST API which is not documented (Undocumented API !== Proprietary). If you publish a publicly accessible API then expect it to be used by everyone and everything.
By that reasoning, can't one make the argument that what weev did was use an undocumented API though? The endpoints were publicly accessible but obfuscated (and quite poorly at that).
I wonder if by that token you could find a security exploit in an API that causes undesired behaviour (e.g. elevated privileges) and claim you're simply accessing an undocumented API?
Or another way of looking at it - does accessing an undocumented API constitute hacking/unauthorized access? (which is probably an even more serious violation than copyright infringement in most countries)
(disclaimer: I don't even know what this particular API is doing, or what's the alleged infringement, I'm just wondering about the principles in general)
Computers do what they're programmed to do, they do what you told them to do, if you didn't want your computer to respond to a buffer overflow by writing over the stack and executing a sequence of commands that escalated the defendant to an administrator, you shouldn't have programmed that feature in.
When you inserted that string directly into that SQL command, you gave your users access to a wide range of features. Now all of a sudden you don't like that feature any more because someone used it? You gave the users the ability to ask for arbitrary tables in your database, why should a hacker go to court for asking for a "user table"? Shouldn't you be the one in court?
That's how I saw things when I was ~15, anyway. I still kinda think that way... Though I've figured out that just because someone left their safe open, doesn't mean you get to steal the gold.
> Though I've figured out that just because someone left their safe open, doesn't mean you get to steal the gold.
True. Though on the other hand, if somebody figures out that they get free sodas when they hold down both the coke and sprite buttons, as far as I am concerned they get to have their free soda.
> > Though I've figured out that just because someone left their safe open, doesn't mean you get to steal the gold.
> True. Though on the other hand, if somebody figures out that they get free sodas when they hold down both the coke and sprite buttons, as far as I am concerned they get to have their free soda.
So, if the safe is left open, you don't get to take it, but if you press buttons that unintentionally make it open up, you get to have your free gold? uh.
If the teller gives you free money, that is on the teller, not you. Whether that teller is human or an automated machine doesn't particularly matter to me.
Just don't take money that the teller, automated or otherwise, does not volunteer. Regular safes and vaults, with no teller, have no agency and are not capable of giving you money.
"If the teller gives you free money, that is on the teller, not you." That's not true in law, if a bank mistakenly credits your account they can retrieve the money.
Considering that most custom scrapers these days simplify their job by using whatever undocumented API the site's JavaScript might be using (makes the job very easy, but is of course a fragile solution), making the use of undocumented APIs be considered "unauthorized access", even in the absence of a restrictive robots.txt or EULA, would be very bad for a lot of people.
If pushing the right buttons on a Video Poker machine to make it pay out 10x jackpot is a CFAA violation, then yes, writing a script to access an undocumented API is unauthorized access.
Then again, I'm pretty sure that company lost their case. How can you claim that it's not documented if you provide HTML and JavaScript example code?
Maybe we need to start outsourcing our education to China and India. We can send our kids to India for their undergraduate degrees and then they can come back here to get their post-graduate degrees.
Move towards knowledge certification instead of a degree that states you completed your degree. Bar Exam, MCSE, Board Certifications, etc. If you have the drive and capacity to learn without attending college then you should be rewarded by only having to take a certification exam.
Once enough schools go belly up people can just start listing those institutions on their resumes. Since the school is closed there won't be an easy way to verify. (Just kidding of course)
How do you keep a nefarious script kiddie from filling up your logs with bogus data? My thoughts were this:
1. Set the window.onerror to immediately push errors to an array
2. Load a small unique script that will create a basic sendError function to post the onerror arguments to an endpoint with a unique csrf set.
3. Loop through the arguments that are queued up and send them to the endpoint.
4. Replace the window.onerror with the sendError function.
Your endpoint can be an API that will log the data to either something like Graylog2 or whatever your favorite logging system is. Not 100% bulletproof but better than nothing.
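The four steps in the comment above, sketched as an added example that is not part of the original post. The endpoint path `/client-errors`, the field names, the size caps and the `post` transport are assumptions; the demo runs against a constructed fake `window` so it works outside a browser.

```javascript
// Added example; endpoint path, field names and size caps are assumptions.
// Step 1: runs inline before anything else, so early errors are queued.
function installErrorQueue(win) {
  const queue = [];
  win.onerror = (...args) => { queue.push(args); return false; };
  return queue;
}

// Steps 2-4: the later-loaded script, served with a per-session CSRF token.
function activateReporter(win, queue, csrfToken, post) {
  const sendError = (message, source, lineno, colno, error) => {
    post('/client-errors', {
      csrf: csrfToken,
      message: String(message).slice(0, 500),   // cap sizes to limit log flooding
      source: String(source || '').slice(0, 200),
      lineno: Number(lineno) || 0,
      colno: Number(colno) || 0,
      stack: error && error.stack ? String(error.stack).slice(0, 2000) : null,
    });
    return false; // keep the browser's default console reporting
  };
  while (queue.length) sendError(...queue.shift()); // step 3: drain the queue
  win.onerror = sendError;                          // step 4: swap handlers
  return sendError;
}

// Endpoint side: drop reports whose token does not match the session's token.
function acceptReport(body, sessionToken) {
  const got = String((body && body.csrf) || '');
  let diff = got.length ^ sessionToken.length;
  for (let i = 0; i < sessionToken.length; i++) {
    diff |= (got.charCodeAt(i) || 0) ^ sessionToken.charCodeAt(i);
  }
  return diff === 0;
}

// Constructed demo: fake window and in-memory transport.
function demo() {
  const win = {}, sent = [];
  const queue = installErrorQueue(win);
  win.onerror('early failure', 'app.js', 10, 5, new Error('early failure'));
  activateReporter(win, queue, 'tok-constructed-123', (url, body) => sent.push({ url, body }));
  win.onerror('late failure', 'app.js', 42, 1, null);
  return { sent, queued: queue.length,
           ok: acceptReport(sent[0].body, 'tok-constructed-123'),
           forged: acceptReport({ csrf: 'guess' }, 'tok-constructed-123') };
}
```

The token only ties a report to a session that loaded the page; a rate limit per session on the endpoint is still needed to bound how much any one client can write.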
Wow, I thought he would have stuck around a lot longer. He seemed to really like it there. Friday was my last day at Yahoo, it's unbelievable how many people are leaving.
I'm not very surprised people are leaving. The company looks like it has lost its direction, investors no longer take the company seriously, and the CEO lied about his academic credentials. I would not want to be there when Yahoo is sold for scrap.
Where have you been? Yahoo! has been in limbo for half a decade, there has been a constant brain drain for all that time. The only engineers still working at Yahoo! are probably there because they can't find a job somewhere else.
I wonder why Crockford stayed there for so long, to be honest.
Very Awesome! Command-T (vim plugin) has been an essential part of my workflow for years now. I can't live without it. The biggest thorn for setting up a new host is having to procure Vim with Ruby support. Thank you so much for doing this!